Malware Analyzer MCP server

Provides specialized terminal access to common malware analysis tools like 'strings', 'file', 'hexdump', and 'objdump' with parameter validation and timeout handling for security researchers analyzing suspicious files.
Provider: Abdessamad El Amrani
Release date: May 06, 2025
Stats: 2 stars

The MalwareAnalyzerMCP server provides specialized functionality for Claude Desktop, allowing users to execute terminal commands specifically designed for malware analysis tasks. It offers a secure and configurable interface for analyzing suspicious files through various command-line tools.

Installation

Setting up the MalwareAnalyzerMCP server requires Node.js 18 or higher. The project uses ES modules and is compatible with Node.js v22+.

# Install dependencies
npm install

Running the Server

You can start the MCP server using one of the following methods:

# Start the server directly
node index.js

# Or use npm script
npm start

# With debugging proxy (logs all communications)
npm run debug

Integration with Claude Desktop

To connect the MalwareAnalyzerMCP server with Claude Desktop:

  1. Open Claude Desktop's settings (Claude menu → Settings)
  2. Click on "Developer" and then "Edit Config"
  3. Update your configuration to include:
{
  "mcpServers": {
    "MalwareAnalysisMCP": {
      "command": "node",
      "args": [
        "/path/to/MalwareAnalysisMCP/index.js"
      ]
    }
  }
}

Note: Replace /path/to/MalwareAnalysisMCP with the actual path to your project directory.

  4. Restart Claude Desktop to apply the changes

Debugging

To monitor communication between Claude Desktop and the MCP server:

  1. Update your Claude Desktop configuration to use the debug proxy:
{
  "mcpServers": {
    "MalwareAnalysisMCP": {
      "command": "node",
      "args": [
        "/path/to/MalwareAnalysisMCP/mcp-debug-proxy.js"
      ]
    }
  }
}
  2. Check the logs directory for detailed communication logs

Available API Features

Basic Tools

shell_command

Executes a terminal command and returns its process ID, output, and blocked status.

Parameters:

  • command (string): The command to execute in the terminal
  • timeout_ms (number, optional): Timeout in milliseconds (default: 30000)

Returns:

  • pid (number): Process ID
  • output (string): Command output
  • isBlocked (boolean): Whether the command execution is blocked/timed out

read_output

Reads output from a running or completed process.

Parameters:

  • pid (number): The process ID to read output from

Returns:

  • output (string | null): The process output, or null if the process is not found

Specialized Malware Analysis Tools

file

Analyze a file and determine its type.

Parameters:

  • target (string): Target file to analyze
  • options (string, optional): Additional command-line options

Example:

{
  "target": "suspicious.exe",
  "options": "-b"
}

strings

Extract printable strings from a file.

Parameters:

  • target (string): Target file to analyze
  • minLength (number, optional): Minimum string length to display
  • encoding (string, optional): String encoding (s=7-bit, S=8-bit, b=16-bit big-endian, l=16-bit little-endian, etc.)
  • options (string, optional): Additional command-line options

Example:

{
  "target": "suspicious.exe",
  "minLength": 10,
  "encoding": "l"
}
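
The following is an added example, not code from the MalwareAnalyzerMCP project: one way the strings parameters above could be validated and turned into an argument vector that is executed without a shell. The function names, the minLength limit, the output cap, the mapping of a killed process to isBlocked, and the choice to leave out the free-form options string are assumptions of this example; the -n, -e and "--" arguments are those of GNU strings.

```javascript
// Added example (not the project's code). Limits and names are assumptions.
// Encoding letters GNU strings accepts for -e (the page lists s, S, b, l).
const ENCODINGS = new Set(['s', 'S', 'b', 'l', 'B', 'L']);

// Pure function: validates the request and returns argv for `strings`.
function buildStringsArgs({ target, minLength, encoding } = {}) {
  if (typeof target !== 'string' || target.length === 0 || target.includes('\0')) {
    throw new TypeError('target must be a non-empty string without NUL bytes');
  }
  const args = [];
  if (minLength !== undefined) {
    // Reject strings such as "10" so no caller-controlled text reaches argv.
    if (!Number.isInteger(minLength) || minLength < 1 || minLength > 1024) {
      throw new RangeError('minLength must be an integer from 1 to 1024');
    }
    args.push('-n', String(minLength));
  }
  if (encoding !== undefined) {
    if (!ENCODINGS.has(encoding)) throw new RangeError('unsupported encoding');
    args.push('-e', encoding);
  }
  // "--" ends option parsing, so a target that starts with "-" is a file name.
  args.push('--', target);
  return args;
}

// Runs the tool with execFile (no shell), so metacharacters in `target`
// are passed through as literal bytes of one argument.
async function runStrings(params, timeoutMs = 30000) {
  const { execFile } = await import('node:child_process');
  const args = buildStringsArgs(params);
  return new Promise((resolve) => {
    execFile('strings', args, { timeout: timeoutMs, maxBuffer: 8 * 1024 * 1024 },
      (err, stdout) => resolve({
        output: stdout,
        // true when Node killed the child (timeout or output cap exceeded)
        isBlocked: Boolean(err && err.killed),
      }));
  });
}
```
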

hexdump

Display file contents in hexadecimal format.

Parameters:

  • target (string): Target file to analyze
  • length (number, optional): Number of bytes to display
  • offset (number, optional): Starting offset in the file
  • options (string, optional): Additional command-line options

Example:

{
  "target": "suspicious.exe",
  "length": 256,
  "offset": 1024
}

objdump

Display information from object files.

Parameters:

  • target (string): Target file to analyze
  • disassemble (boolean, optional): Disassemble executable sections
  • headers (boolean, optional): Display the contents of the section headers
  • options (string, optional): Additional command-line options

Example:

{
  "target": "suspicious.exe",
  "disassemble": true
}

xxd

Create a hexdump with ASCII representation.

Parameters:

  • target (string): Target file to analyze
  • length (number, optional): Number of bytes to display
  • offset (number, optional): Starting offset in the file
  • cols (number, optional): Format output into specified number of columns
  • bits (boolean, optional): Switch to bits (binary) dump
  • options (string, optional): Additional command-line options

Example:

{
  "target": "suspicious.exe",
  "cols": 16,
  "bits": true
}

How to install this MCP server

For Claude Code

To add this MCP server to Claude Code, run this command in your terminal:

claude mcp add-json "MalwareAnalysisMCP" '{"command":"node","args":["/path/to/MalwareAnalysisMCP/index.js"]}'

See the official Claude Code MCP documentation for more details.

For Cursor

There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.

If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.

Adding an MCP server to Cursor globally

To add a global MCP server go to Cursor Settings > Tools & Integrations and click "New MCP Server".

When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:

{
    "mcpServers": {
        "MalwareAnalysisMCP": {
            "command": "node",
            "args": [
                "/path/to/MalwareAnalysisMCP/index.js"
            ]
        }
    }
}

Adding an MCP server to a project

To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.

How to use the MCP server

Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.

The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.

You can also explicitly ask the agent to use the tool by mentioning the tool name and describing what the function does.

For Claude Desktop

To add this MCP server to Claude Desktop:

1. Find your configuration file:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json
  • Linux: ~/.config/Claude/claude_desktop_config.json

2. Add this to your configuration file:

{
    "mcpServers": {
        "MalwareAnalysisMCP": {
            "command": "node",
            "args": [
                "/path/to/MalwareAnalysisMCP/index.js"
            ]
        }
    }
}

3. Restart Claude Desktop for the changes to take effect
